Time | Topic | Speaker
9:00am - 9:15am | Welcome Remarks | Mr. Robert Rahmer, Program Manager, IARPA
9:15am - 9:45am | | Dr. Peter Highnam, Director, IARPA
9:45am - 10:30am | | Mr. Robert Rahmer, Program Manager, IARPA
10:30am - 10:45am | Break | Break
10:45am - 11:15am | Contracting Overview | Mr. Tarek Abboushi, IARPA Acquisitions
11:15am - 11:45am | | Mr. Robert Rahmer, Program Manager, IARPA
11:45am - 1:00pm | No Host Lunch | Lunch
1:00pm - 2:30pm | | Attendees (No Government)
2:30pm - 4:00pm | | Attendees (No Government)
Disclaimer
This presentation is provided solely for information and
planning purposes.
The Proposers Day Conference does not constitute a formal
solicitation for proposals or proposal abstracts.
Nothing said at Proposers Day changes requirements set
forth in a Broad Agency Announcement (BAA).
Schedule
Full Proposals are due ~45 days after BAA is published.
Once BAA is released, questions can only be submitted and
answered in writing via the BAA guidance.
IARPA Overview
Department of State
Department of Energy
National Geospatial-Intelligence
Agency
Army
Navy
Coast Guard
Air Force
Marine Corps
Social-Cultural and Linguistic Factors
Providing powerful new sources of information from massive, noisy data that currently overwhelm analysts.
Improving Analytic Processes
Dramatic enhancements to the analytic process at the individual and group level.
Novel Access
Accurately locate HF emitters and low-power, moving emitters with a factor of ten improvement in geolocation accuracy
Computational Power
Trustworthy Components
Revolutionary advances in science and engineering to solve problems intractable with today's computers
S&T Intelligence
Indications & Warnings
Detecting and forecasting the emergence of new technical capabilities.
Strategic Forecasting
Probabilistic forecasts of major geopolitical trends and rare events.
Opportunities to Engage:
Research Programs
Multi-year research funding opportunities on specific topics
Proposers Days are a great opportunity to learn what is coming, and to influence the program
Seedlings
Allow you to contact us with your research ideas at any time
Funding is typically 9-12 months; IARPA funds to see whether a research program is warranted
IARPA periodically updates the topics of interest
Concluding Thoughts
Our problems are complex and truly multidisciplinary
Technical excellence & technical truth
Scientific Method
Peer/independent review
Contact Information
Phone: 301-851-7500
INTELLIGENCE ADVANCED RESEARCH PROJECTS ACTIVITY (IARPA)
CYBER-ATTACK AUTOMATED
UNCONVENTIONAL SENSOR ENVIRONMENT
(CAUSE) Program Overview
CAUSE Overview
CAUSE is a multi-year research and development program.
It seeks to develop new automated methods for forecasting
and detecting cyber-attacks, hours to weeks earlier than
existing methods.
The CAUSE Program aims to develop and validate
unconventional multi-disciplined sensor technology that will
forecast cyber-attacks and complement existing advanced
intrusion detection capabilities.
Background
Cyber attacks evolve in a phased approach, which includes
activities and observations before a significant event occurs:
target reconnaissance, planning, and delivery.
Detection of new cyber events and phenomena typically
occurs in later phases of an attack
Analysis occurs post-mortem to discover indicators from
earlier phases.
Background
Cyber Threat Intelligence capabilities often report threat actor
activities, behaviors, and planning through observables from
publicly available data, such as social media, news, chat,
blogs, message boards, and many others, providing the
means to infer motivations and intentions.
Background
Published research states some of these publicly available
data sources are useful in the early detection of other events
such as disease outbreaks and macroeconomic trends.
News feeds, Twitter, blogs, and web search queries
Current Research
Cyber attack prediction research has evolved, utilizing a
combination of techniques:
Detailed knowledge of internal network infrastructures
Analysis of known vulnerabilities
Intrusion detection sensors for monitoring of an event in
progress to predict future phases of an attack.
Current Research
IARPA's Open Source Indicators (OSI) program developed
methods for detecting / anticipating unexpected societal
events (e.g., political crises, disease outbreaks) by fusing data
of multiple types from multiple sources and utilizing ensemble
machine learning methods.
Few have researched methods for a probabilistic warning
system for cyber defense that focuses on utilizing sensors
external to an enterprise.
Evaluation
Teams will deliver real-world cyber-attack warnings.
The goal is to Beat the Security Incident Reports.
Teams choose sensors, data, and methods.
Teams are rewarded for early and accurate warnings of as many
reportable events as possible.
Warning delivered to IARPA =
{Time stamp, Probability of attack, Cyber-attack details}
Event details =
(Event-Class, [Attacker], [Target], Event Time)
Performers will send additional context about events which will be
valuable to end users.
Competitive forecasting tournament: the delivery of successive,
better warnings is expected; each warning will be scored separately.
Industry Scope
CAUSE is a research program, not an operational activity.
In earlier phases, CAUSE will focus research on a particular U.S.
business sector(s) that will be identified in the BAA. IARPA is
choosing a business sector(s) with the following characteristics:
Probability score:
Metrics
Lead Time (Drives earlier event detection)
Time between warning and security incident report.
Teams will be asked to identify successive warnings for the same
event. The Government team will use this information for assessment
of teams' approach for early detection.
Probability Score
Quadratic score = 1 - (o - p)^2
p is the probability assigned to the warning, o is ground truth:
1 if the event occurred, 0 if the event didn't occur within 7 days.
Warning | Time Stamp | Probability of Event | Attack Type | Source of Attack | Victim | Time of Attack
CW1 | 8/1/2015 | .25 | Remote Exploit | Unknown | Business A | 8/4/2015
CW2 | 8/3/2015 | .40 | Remote Exploit | IP w.x.y.z | IP a.b.c.d | 8/4/2015
CW3 | 8/6/2015 | .75 | Remote Exploit | IP w.x.y.z | IP a.b.c.d, Vuln x-1 | 8/4/2015
Ground Truth | 8/10/2015 | | Remote Exploit | IP w.x.y.z | IP a.b.c.d, Vuln x-1 | 8/4/2015

Warning | Organization | Logical Address | Vulnerability | Score
CW1 | Industry X, Business A | | | .5
CW2 | Industry X, Business A | IP a.b.c.d | | .75
CW3 | Industry X, Business A | IP a.b.c.d | Vuln x-1 |
Ground Truth | Industry X, Business A | IP a.b.c.d | Vuln x-1 |

Warning Overall Scores
Warning | Lead Time | Probability Score | Utility Time | Quality Score
CW1 | 9 Days | .44 | 3 Days | 2.5
CW2 | 7 Days | .64 | 1 Day | 3.08
CW3 | 4 Days | .94 | 0 Days | 3.67
Metrics
Recall =
(Number of cyber events identified by Government team for which performer
team sent a warning to IARPA with non-zero lead time and quality)
/ (Total number of relevant cyber events identified by Government team)
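The metrics above applied to the CW1-CW3 worked example, as an added example (not IARPA's evaluation code). Assumptions: the `Event`/`Warning` classes and function names are hypothetical, utility time is floored at zero to match the "0 Days" entry for CW3, the quality score is taken as an evaluator-supplied input because its formula is not given here, and event E2 and warning CW4 are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    event_id: str
    attack_time: date   # when the attack happened
    report_time: date   # date of the security incident report (ground truth)


@dataclass(frozen=True)
class Warning:
    label: str
    issued: date                 # warning time stamp
    probability: float           # p in the quadratic score
    event_id: Optional[str]      # ground-truth event it was matched to, or None
    quality: float = 0.0         # evaluator-supplied (assumption: formula not shown)


def probability_score(p: float, occurred: bool) -> float:
    """Quadratic score 1 - (o - p)^2, with o = 1 if the event occurred, else 0."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("probability must be in [0, 1]")
    o = 1.0 if occurred else 0.0
    return 1.0 - (o - p) ** 2


def lead_time_days(w: Warning, e: Event) -> int:
    """Days between the warning and the security incident report."""
    return (e.report_time - w.issued).days


def utility_time_days(w: Warning, e: Event) -> int:
    """Days between the warning and the attack; floored at 0 (assumption)."""
    return max(0, (e.attack_time - w.issued).days)


def score_warning(w: Warning, events: Dict[str, Event]) -> dict:
    """Score one warning; an unmatched warning is scored against o = 0."""
    e = events.get(w.event_id) if w.event_id else None
    return {
        "label": w.label,
        "probability_score": probability_score(w.probability, e is not None),
        "lead_time_days": lead_time_days(w, e) if e else None,
        "utility_time_days": utility_time_days(w, e) if e else None,
    }


def recall(warnings: List[Warning], events: Dict[str, Event]) -> float:
    """Share of ground-truth events with a warning of non-zero lead time and quality."""
    if not events:
        raise ValueError("no ground-truth events")
    hit = set()
    for w in warnings:
        e = events.get(w.event_id) if w.event_id else None
        if e and lead_time_days(w, e) > 0 and w.quality > 0:
            hit.add(e.event_id)
    return len(hit) / len(events)


# E1 and CW1-CW3 use the dates, probabilities and quality scores from the
# worked example; E2 and CW4 are constructed to exercise recall and a miss.
EVENTS = {
    "E1": Event("E1", attack_time=date(2015, 8, 4), report_time=date(2015, 8, 10)),
    "E2": Event("E2", attack_time=date(2015, 8, 20), report_time=date(2015, 8, 25)),
}
WARNINGS = [
    Warning("CW1", date(2015, 8, 1), 0.25, "E1", quality=2.5),
    Warning("CW2", date(2015, 8, 3), 0.40, "E1", quality=3.08),
    Warning("CW3", date(2015, 8, 6), 0.75, "E1", quality=3.67),
    Warning("CW4", date(2015, 8, 12), 0.20, None),  # constructed false alarm
]

if __name__ == "__main__":
    for w in WARNINGS:
        print(score_warning(w, EVENTS))
    print("recall:", recall(WARNINGS, EVENTS))
```

A low-probability false alarm still scores well on the quadratic rule, which is why recall is reported alongside it.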
Cyber-attack Events
Examples of events to forecast:
Cyber Event Type | Description
Unauthorized Access | An individual gains logical access without permission to a network, system, application, data, or other resource.
Denial of Service (DoS) |
Warning Generation
It is expected that the technology developed under this effort
will have no human in the loop.
Experts can help develop and train the system, but they
will not manually generate warnings, guide the system, or
filter warnings before they are sent to IARPA.
Teams' systems must include an audit trail for each warning,
listing relevant evidence and weights.
Warnings that are related should be explicitly identified for
additional evaluation by the Government team.
Successive warnings for the same event,
Warning for mutually exclusive events.
Program Structure
Phase 1 (18 months): External Data Sources
Goal 1 Identify predictive threat signals from technical and unconventional sources
Goal 2 Perform data classification and training for model development
Goal 3 Generate Warnings
Phase 2 (12 months): Data Fusion w/Internal Data Sources
Goal 1 Create a data fusion model for integrating external and internal data
Goal 2 Research highly effective algorithms for processing massive data
Goal 3 Generate Warnings
Phase 3 (12 months): Solution Flexibility Enhancement
Goal 1 Evaluate solution's flexibility to integrate within a new organization
Goal 2 Evaluate capability for forecasting cyber attacks across multiple organizations
Goal 3 Generate Warnings
Milestones
Metric
Phase 1
Phase 2
Phase 3
2 days
3 days
5 days
2.4
3.2
1 day
2 days
3 days
3.5
Recall
0.5
0.7
0.8
< 0.5
< 0.2
< 0.1
Data
Acquisition/collection of external data will require resources
(time and budget) by each team, and data requirements will
likely overlap across teams.
In later phases, performers will use internal data from
participating U.S. business sector organization(s).
Performers may want to access their own or another
organization's internal technical data sources earlier in the
program to aid R&D of novel sensors to support future program
goals.
BAA will ask bidders to identify internal data sources required
to extract novel signals from participating U.S. business sector
organization(s).
[Figure: program data flow. Labels: External Unconventional Sensor Data; Internal Sensor Data; Normalization & Encoding; Performer 1, Performer 2, ... Performer n Forecasting Models (Phase 1 and Phase 2); Phase 1 Warnings; Phase 2 Warnings; Ground Truth; T&E Scoring]
Team Composition
Given the combination of technical challenges, we anticipate
teams will possess expertise in:
Computer science
Data science
Social and Behavioral science
Mathematics and statistics
Content extraction
Information theory
Cyber-security
Software development
Teaming
Because of the many challenges presented by this
program, both depth and diversity will be beneficial.
Throughput. Consider all that you will need to do, all the ideas you will
need to test.
Make sure you have enough people with the right expertise to do the job.
Sufficient resources to follow critical path while still exploring alternatives: risk mitigation
Summary
CAUSE seeks to develop new automated methods for
forecasting and detecting cyber-attacks, hours to weeks
earlier than existing methods.
The Program aims to develop and validate unconventional
multi-disciplined sensor technology that will forecast cyber-attacks
and complement existing advanced intrusion detection capabilities.
We are looking for well-executed, creative ideas for
unconventional sensors.
The BAA supersedes anything presented or said at the
Proposers Day by IARPA.
Questions?
Contracting Overview
Responding to Q&As
Please read entire BAA before submitting questions
Pay attention to Section 4 (Application & Submission
Info)
Read Frequently Asked Questions on the IARPA @
http://www.iarpa.gov/index.php/faqs
Send your questions as soon as possible
CAUSE BAA: dni-iarpa-baa-15-06@iarpa.gov
Write questions as clearly as possible
Do NOT include proprietary information
Eligible Applicants
Collaborative efforts/teaming strongly encouraged
Content, communications, networking, and team formation are
the responsibility of Proposers
Ineligible Organizations
Other Government Agencies, Federally Funded Research and
Development Centers (FFRDCs), University Affiliated
Research Centers (UARCs), and any organizations that have a
special relationship with the Government, including access to
privileged and/or proprietary information, or access to
Government equipment or real property, are not eligible to
submit proposals under this BAA or participate as team
members under proposals submitted by eligible entities.
Pre-Publication Review
Funded Applied Research efforts, IARPA encourages:
Publication for Peer Review of UNCLASSIFIED research
IARPA Funding
IARPA funds Applied Research for the Intelligence
Community (IC)
IARPA cannot waive the requirements of Export
Administrative Regulation (EAR) or International Traffic in
Arms Regulation (ITAR)
Not subject to DoD funding restrictions for R&D related to
overhead rates
Disclaimer
This is Applied Research for the Intelligence Community
Content of the Final BAA will be specific to this program
The Final BAA is being developed
Following issuance, look for Amendments and Q&As
There will likely be changes
The information conveyed in this brief and discussion is for
planning purposes and is subject to change prior to the
release of the Final BAA.
QUESTIONS ?
ADI TECHNOLOGIES
RepKnight Social
Networks OSINT (Open
Source Intelligence) as a
complement to SIGINT,
MILINT, HUMINT
George Barros
Social Media Engineer/
CISO
ADI Technologies, Inc.
gbarros@repknight.com
(703) 734-9626
www.aditechnologies.com
Predicting Cyber Attacks through Interaction and Actor Behavior Modeling and Event Detection in
Dark Web, Black Market and Underground Forums
Robert Filar
Battelle Cyber Innovations
filarr@battelle.org
Current state-of-the-art cyber security technology relies heavily on signatures to derive threats or
anomalies. While this approach has proven valuable in the past, attacks have grown in sophistication and
these techniques have led cyber security practitioners to focus on the effects of an attack as opposed
to determining and mitigating the cause. A shortcoming of these systems is a lack of novel sources for
data enrichment and probabilistic warnings based on unconventional data sources. One such source is
the significant amount of cyber threat activity that occurs within Dark Web, black market and
underground forums/marketplaces. However, unlike traditional social media, forum data presents
problems when performing social network analysis and event detection. Properly modeling interactions
among nefarious actors can lead to accurate depictions of threat community behavior. This technique
aids in uncovering illicit networks, identifying influential members, and generating accurate social
graphs.
In its proposed research for CAUSE, Battelle will seek to enhance its technology called DarkScout that
collects and integrates forum, marketplace and social content with flexible tools for the structured
consumption of irregular media in hostile web environments. DarkScout uses language-agnostic
algorithms to collect, organize and analyze contextual information surrounding media items to uncover
community structures, and adversary pattern-of-life, trends, motivation, intent and capabilities. Further,
SME-developed ontologies provide a foundation for performing event detection and training text
analysis classifiers to extract potential indicators of cyber attack. The identification of anomalous events
is augmented with pattern-of-life analysis to provide a temporal view of incoming threats.
In its CAUSE-supported research, Battelle will augment Interaction Modeling, Actor Behavior Models
and integrate technology to analyze and de-anonymize Bitcoin sale/purchase activity to capture
communication exchanges more accurately within threat-actor forums and enrich it with temporal event
data, yielding robust information propagation models. Propagation models provide definitive analysis of
how far and how fast information spreads, and indicate threat momentum. Entity extraction of technical
indicators will inform propagation models to provide a realistic view of whether threat actors are
seeking to exploit an attack vector, and provide early warning of cyber attacks via a robust Application
Programming Interface. Battelle will seek to work with other researchers who are developing advanced
Intrusion Detection Systems and network sensor systems that would benefit from enriched data sources
and models depicting threat-actor behavior and activity.
Research Areas
Anonymous Internet
Communications
Network Security
Firmware Reverse
Engineering
Cyber/Threat
Intelligence
Hardware Reverse
Engineering
Software/Malware
Reverse Engineering
Mobile Security
Integrated Circuit
Exploitation
Foreign Materiel
Exploitation
Business Sensitive
DarkScout: Automated
collection, organization and
analysis of Dark Web/
Underground content.
PEAR: Next-generation
mis-/non-attributable
internet communications
via asynchronous routing.
ECAT: Authentication of
electronic components in the
supply chain via statistical
analysis of noise signals
Contact Information
Tami Peli
V.P., Director of Business Development
Battelle Cyber Innovations
peli@battelle.org
571-227-6314 (office)
781-856-8098 (mobile)
http://www.battelle.org/ourwork/national-security/cyberinnovations
Dr. Paulo Shakarian is an Assistant Professor at Arizona State University where he works in the Big
Data group. He specializes in advanced data analytics, network science, artificial intelligence, and
cyber-security. Specific application domains have included intelligence analysis, counter-insurgency,
counter-IED, law-enforcement, and cyber-security. His previous work has been presented at major academic
venues including KDD, AAMAS, and ESORICS as well as industry conferences such as ShmooCon. His
work has been funded by the ARO, DARPA, IARPA, and USAF A2II. Shakarian's work on analyzing
geospatial data resulted in the "SCARE" software for locating weapons caches that was used by Task
Force Paladin in Afghanistan and also featured in The Economist. His work on social network data
analytics resulted in the "GANG" and "SNAKE" software packages that are currently in use by the
Chicago Police and also featured in Popular Science. Dr. Shakarian is also the author of two books,
including Elsevier's Introduction to Cyber-Warfare. Previously, Dr. Shakarian was a commissioned
officer in the U.S. Army where he worked in a variety of intelligence positions that include combat tours
in Operation Iraqi Freedom. He is a recipient of the Bronze Star and Army Commendation Medal for
Valor.
Contact information:
Advancing cybersecurity
through outreach, research
and collaboration with
academia, industry and
government.
David Burke, PI
Galois, Inc.
Creating trustworthiness in critical systems
Founded in 1999, 50+ employees, based in
Portland OR.
Numerous DOD, IC, Government & Commercial
clients.
Extensive experience in domains such as software
correctness, mobile security, cyber physical
systems, computer security, cryptography, machine
learning, and human-computer interaction.
Contact Information
David Burke
Research Program Lead
Galois, Inc.
davidb@galois.com
(503) 330-9512
www.galois.com
IBM's Cognitive Cyber Security Defense (CCD) is a big data and analytic solution that
employs machine learning techniques to provide an adaptive and agile defensive
posture in real-time. It is an integrated solution with proven machine learning models
from IBM Research with the ability to build new families of Cyber models to react to the
ever changing Advanced Persistent Threat (APT) environment. The Cognitive Cyber
Security Defense solution is designed to scale from an entry-basic configuration up to a
full-capability system depending on your cyber defense needs. It provides a machine
learning workbench for the development of your own predictive cyber models. These
models can perform behavior analytics as well as target specific DNS related attack
types as well as behavior modeling of netflow data. Key attributes of the system are:
1. The CCD solution is an APT detector comprised of a family of pretrained
machine learning models outputted to rich visualization
2. Solution runs on x-86 infrastructure running RHEL 6.1 or higher
3. It can connect to existing Cyber SIEM, Big Data or Cloud Solutions
4. The Models dynamically update with changing threat vectors
5. We have field tested this solution with numerous customers from Utilities to
telcos to large commercial entities
IBM Cognitive
Cyber Defense
IARPA CAUSE
IBM'S MACHINE LEARNING CYBER SECURITY SOLUTION
21 January 2015
Greg Porpora
IBM Federal Chief Engineer Cognitive Computing & Analytics
Extract Netflow & DNS Features
Anomaly Detection via Trained Models
Dynamically Retrain Models
2014 IBM Corporation
Net Flow
Base Models
WHOIS or Maxmind
Beaconing-Exfiltration tests
Compare detected Fast Flux DNS and associated IP addresses performing Intrusion to outbound DNS-IP traffic for matches
Match real-time behavior-signature to historically derived and dynamically updated
Network Behavior Modeling
Fast Fluxing
DNS Amplification Attacks
DNS Poisoning
DNS Tunneling
Net Flow Behavior Modeling (Cognos)
APT Detection
Forensic Analysis (i2)
Botnet Topology and Attack Reconstruction
Adaptive Profiling
Who we are:
Small, veteran-owned business started in 2001
42 technical staff: 17 PhD, 19 MS degrees
Premium services in decision & risk analysis, operations research, and systems engineering
GSA MOBIS and SeaPort schedules
TS facility clearance
What we do:
Decision Support Tools and Analytics Research
- Cyber Risk Tool
- Cyber Risk Metrics
Extract from raw data descriptive and predictive analytics
Multidisciplinary projects that typically merge social and behavioral science with technical approaches
Build probabilistic models for environments under conditions of uncertainty (e.g., Multivariate Analysis, Bayesian Networks)
Dennis Buede, President
dbuede@innovativedecisions.com
Judith Jacobson, BD
jjacobson@innovativedecisions.com
Richard Brown, Principal Analyst
rbrown@innovativedecisions.com
www.innovativedecisions.com
703-861-3678
UNCLASSIFIED
SAILBOAT
SAILBOAT Overview
Semi-Active Inference-Level
Behavior-Observing Automated Telemetry
Passive
Sensors
Operational
Tools
Semi-active Sensors
Designed To
Inference Goals
Secondary
(Inferred)
Data
Roles
Organizational
Geolocation
Passive
Primary
Data
Motives
Methods
Legacy
Inference
Opportunities
Knowledge propagation
Protocols
Transactions
Packets
Inter-session features
Sessions
Watering-Hole Techniques
Example: Certificate compromise rumor injection, followed by semi-active detection of certificate rejection by candidate actors.
Computer service behavior deviations based on triggering events or identifying client behavior / attributes.
Spear-Flushing
Inference
Goals
Actors
Legacy
Inference
Potential Advantages
Example Narrative
Actor A is high-knowledge and motivated, and has similar
attributes with actor B, who is known to have opportunity to
access a sensitive asset, but there is no correlating primary
evidence that A and B are connected. Through canary or
watering hole techniques, an Actor A session is presented
with evidence of a compromise of a particular root
certificate. The semi-active sensor then uses watering-hole
techniques to test when and if Actor B has reconfigured to
reject certificates signed by the rumored compromised root
certificate. Timing and other data (searches, chatter) may
clearly indicate actor models A and B may be merged, or
indicate direct-knowledge transfer that indicates close
knowledge transfer graph adjacency. A merger of A and B
further completes the Motive, Method, and Opportunity
characteristics of the Actor model, and indicates
probable attack on the accessible asset.
Risk Mitigation
Risks include the leaking of data state of the model.
Mitigations:
Probabilistic sensor behavior dithering.
Hard limits on state-driven sensor action exposures.
EMERGING DOMAINS
INTELLIGENT SYSTEMS FOR FORECASTING AND DETECTING CYBER ATTACKS
Figure 1: Matrix of SoarTech's core capabilities, related applications and relevant examples.
The Challenge:
Current approaches to detecting cyber attacks are reactive and shallow. They are
reactive because they focus on what adversaries have done in the past, rather than
anticipating what they may do in the future. They are shallow because they focus on
cyber observables without reasoning about adversaries' goals and objectives.
Potential Approach:
Applying SoarTech's core capabilities (shown in Figure 1) we have experience to
combine innovative analytics on observables with sophisticated behavioral models of
cyber actors that can support both cognitive reasoning (extending the model through
experience and explaining reasoning to humans) and Monte Carlo exploration (for
probabilistic forecasting over multiple possible futures).
dylan.schmorrow@soartech.com
denise.nicholson@soartech.com
van.parunak@soartech.com
We are interested in discussing partnerships and collaborations.
Below are the logos of a few of our Sponsors and Partners for related research.
ADAPTATION
HUMAN/SYSTEM
INTERFACE
DECISION SUPPORT
BEHAVIOR MODELING
CYBER SIMULATION
Multi-Future Probabilistic
Forecasting
Multiple agents search
alternative paths through
complex behavior models in
parallel
Any-time forecast adjusts in
real time to incoming data;
runs 104x faster than real
time
Yields probability distribution
over alternative futures to
support ACH and mitigate
cognitive anchoring
Cognitive Red-Team
Agents
Enables scalable,
repeatable wargaming
and testing of security and
network infrastructure
Relevant Research
to be Leveraged:
POCS
Dylan Schmorrow, Ph.D.
Chief Scientist
703.424.3138
dylan.schmorrow@soartech.com
SRA International
Joseph Pemberton
Current Teammates:
Context Relevant
Bromium
Contact Information
Joseph Pemberton
Technical Director
SRA International
joe_pemberton@sra.com
703-803-1882
www.sra.com
About ViON
SOLUTION BRIEF
Full attribution: Achieve greater accuracy with an entity resolution and analytic engine that accumulates a
history as opposed to a snapshot of each individual or company in the database over time.
Relationship resolution: Identify & compare non-obvious relationships between addresses, phone numbers, email addresses, and other characteristics discovered and linked across multiple individuals
Link analysis: Analyze, visualize, and extend these relationships building complex structures, revealing the
hierarchies and methods of operation employed by criminal, terrorist and fraudulent networks
Real-time changes: Compare identity records to the database upon receipt to determine if it resolves an
existing record, is new, or requires an unresolve of an existing record.
Self-healing and self-correcting: Automatically examine and update any entity in the repository that would be
affected based on new observations.
Autonomic real-time alerting: Automatically check against existing information and generate alerts allowing for
detailed analysis of involved parties as new data is ingested.
Global name resolution: Apply linguistic rules automatically to find matches through cultural context via
patented IBM technology.
Behavioral and pattern analysis: Uncover coordinated activities and patterns that provide the capacity to
anticipate a pending threat event via deep data mining and statistical analysis.
To learn more of how the ViON Data Adapt Analytics solutions can help you, please visit www.vion.com.